Useful commands

Linux

Displaying and Modifying Text Files #

The cat file command (intended to concatenate files to the standard output device) reads a file and displays its contents on the terminal. If the file is too big to fit on a screen, you can use a pager such as less (or more) to display it page by page. The editor command starts a text editor (such as Vi or Nano) and allows creating, modifying, and reading text files. The simplest files can sometimes be created directly from the command interpreter thanks to redirection:command>file creates a file named file containing the output of the given command.command»file is similar except that it appends the output of the command to the file rather than overwriting it.

$echo ”Kali rules!” > kali-rules.txt
$cat kali-rules.txt
Kali rules!
$echo ”Kali is the best!” >> kali-rules.txt
$cat kali-rules.txt
Kali rules!
Kali is the best!

Searching for Files and within Files #

The find directory criteria command searches for files in the hierarchy under directory ac-cording to several criteria. The most commonly used criterion is -name filename, which allows searching for a file by name. You can also use common wildcards such as “*” in the file namesearch.

$find /etc -name hosts
/etc/hosts
/etc/avahi/hosts
$find /etc -name ”hosts*”
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
/etc/avahi/hosts

The grep expression files command searches the contents of the files and extracts lines matching the regular expression. Adding the -r option enables a recursive search on all files contained in the directory. This allows you to look for a file when you only know a part of its contents.

Managing Processes #

The ps aux command lists the processes currently running and helps to identify them by showing their PID. Once you know the PID of a process, the kill -signal pid command allows you to send it a signal (if you own the process). Several signals exist; most commonly used are TERM(a request to terminate gracefully) and KILL(a forced kill).

The command interpreter can also run programs in the background if the command is followed by “&”. By using the ampersand, you resume control of the shell immediately even though the command is still running (hidden from view as a background process). The jobs command lists the processes running in the background; running fg %job-number(for foreground) restores a job to the foreground. When a command is running in the foreground (either because it was started normally, or brought back to the foreground with fg), the Control+Z key combination pauses the process and resumes control of the command line. The process can then be restarted in the background with bg %job-number(for background).

Managing Rights #

Linux is a multi-user system so it is necessary to provide a permissions system to control the set of authorized operations on files and directories, which includes all the system resources and devices(on a Unix system, any device is represented by a file or directory). This principle is common to all Unix-like systems.Each file or directory has specific permissions for three categories of users:

  • Its owner (symbolized by u, as in user)
  • ts owner group (symbolized by g, as in group), representing all the members of the group.
  • The others (symbolized by o, as in other).

Three types of rights can be combined:

  • reading (symbolized by r, as in read);
  • writing (or modifying, symbolized byw, as in write);
  • executing (symbolized by x, as in eXecute).

In the case of a file, these rights are easily understood: read access allows reading the content(including copying), write access allows changing it, and execute access allows running it (which will only work if it is a program).

Two particular rights are relevant to executable files:setuid and setgid (symbolized with the letter “s”).Note that we frequently speak of bit, since each of these boolean values can be represented by a 0 or a 1. These two rights allow any user to execute the program with the rights of the owner or the group, respectively.This mechanism grants access to features requiring higher level permissions than those you would usually have. Since a setuid root program is systematically run under the super-user identity, it is very important to ensure it is secure and reliable. Any user who manages to subvert a setuid root program to call a command of their choice could then impersonate the root user and have all rights on the system. Penetration testers regularly search for these types of files when they gain access to a system as a way of escalating their privileges.

A directory is handled differently from a file. Read access gives the right to consult the list of its contents (files and directories); write access allows creating or deleting files; and execute access allows crossing through the directory to access its contents (for example, with the cd command).Being able to cross through a directory without being able to read it gives the user permission to access the entries therein that are known by name, but not to find them without knowing their exact name.

Thes etgid bit also applies to directories. Any newly-created item in such directories is automatically assigned the owner group of the parent directory, instead of inheriting the creator’s main group as usual. Because of this, you don’t have to change your main group (with the new grp command) when working in a file tree shared between several users of the same dedicated group.The sticky bit(symbolized by the letter “t”) is a permission that is only useful in directories. It is especially used for temporary directories where everybody has write access (such as/tmp/): it restricts deletion of files so that only their owner or the owner of the parent directory can delete them. Lacking this, everyone could delete other users’ files in/tmp/.

Three commands control the permissions associated with a file:

  • chownuser filechanges the owner of the file

    Frequently you want to change the group of a file at the same time that you change the owner. The chown command has a special syntax for that: chown user:group file

  • chgrp group file alters the owner group

  • chmod rights file changes the permissions for the file

There are two ways of representing rights. Among them, the symbolic representation is probably the easiest to understand and remember. It involves the letter symbols mentioned above. You can define rights for each category of users (u/g/o), by setting them explicitly (with=), by adding (+), or subtracting (-). Thus the u=rwx, g+rw, o-r formula gives the owner read, write, and execute rights, adds read and write rights for the owner group, and removes read rights for other users.Rights not altered by the addition or subtraction in such a command remain unmodified. The letter a, for all, covers all three categories of users, so that a=rx grants all three categories the same rights (read and execute, but not write).The (octal) numeric representation associates each right with a value: 4 for read, 2 for write, and1 for execute. We associate each combination of rights with the sum of the three figures, and a value is assigned to each category of users, in the usual order (owner, group, others). For instance, the chmod 754 filecommand will set the following rights: read, write and execute for the owner (since 7 = 4 + 2 + 1); read and execute for the group (since 5 = 4 + 1); read-only for others. The 0 means no rights; thus chmod 600 file allows for read and write permissions for the owner, and no rights for anyone else. The most frequent right combinations are 755 for executable files and directories, and 644 for data files.To represent special rights, you can prefix a fourth digit to this number according to the same principle, where these tuid, setgid, and sticky bits are 4, 2, and 1, respectively. The command chmod 4754 will associate these tuidbit with the previously described rights. Note that the use of octal notation only allows you to set all the rights at once on a file; you cannot use it to add a new right, such as read access for the group owner, since you must take into account the existing rights and compute the new corresponding numerical value.The octal representation is also used with the umask command, which is used to restrict permissions on newly created files. When an application creates a file, it assigns indicative permissions,knowing that the system automatically removes the rights defined with umask. Enter umask in a shell; you will see a mask such as0022. This is simply an octal representation of the rights to be systematically removed (in this case, the write rights for the group and other users).If you give it a new octal value, the umask command modifies the mask. Used in a shell initialization file (for example,~/.bash_profile), it will effectively change the default mask for your work sessions.

Sometimes we have to change rights for an entire file tree. All the commands above have a-R option to operate recursively in sub-directories.The distinction between directories and files sometimes causes problems with recursive operations. That is why the “X” letter has been introduced in the symbolic representation of rights. It represents a right to execute which applies only to directories(and not to files lacking this right). Thus,chmod -R a+X directory will only add execute rights for all categories of users (a) for all of the sub-directories and files for which at least one category of user (even if their sole owner) already has execute rights.

Disable MItigation #

Add this to your /etc/default/grub under line GRUB_CMDLINE_LINUX="rhgb quiet":

GRUB_CMDLINE_LINUX="rhgb quiet mitigations=off"